StubHub has an open platform where customers can register to buy and sell tickets. They offer their customers ways to interact and share their tickets and/or find the tickets they want online, via mobile, social networks, and other sources.
While StubHub’s open platform enables exchanges between buyers and sellers, it also provides a resource for criminals trying to verify credentials they have stolen from other sources.
To thwart the thieves, StubHub turned to SilverTail to help discover and isolate user behaviors that were suspicious. SilverTail provides analysis of suspicious behavior on a website or event to detect fraudulent activity and send alerts to customers.
“We found a group of fraudsters who had stolen credit cards and were creating accounts on our site for the purposes of validating whether or not those cards were good. They would take a card and add it to an account they had signed up for; our system would verify that the card was good”, Capps explained.
“The fraudsters were using our business logic that we need for our customers to potentially get information about their stolen credit cards. They were hitting us pretty hard, and traditional security measures…did not identify cases where the fraudsters were using our site in the way we intend our customers to use the site”, he told Infosecurity.
“When we put the SilverTail forensic product in place, we started seeing this run up in transactions that wasn’t normal for our customer base. We identified a potential fraud trend where we were not being defrauded but being utilized by the fraudsters in other ways. We plugged that hole”, he said.
StubHub also found that fraudster were using the company’s platform to guess passwords from credentials being disclosed by hacktivists, such as Anonymous. “Every time one of those credential lists hit the wire, we would start to see those lists being run against our login pages to verify whether the credentials overlapped with credentials on our site. The fraudsters know that people reuse their password. And most e-commerce sites now use email addresses as user names, so it becomes pretty easy to guess the password”, Capps said.
The company decided to work with SilverTail on a “disinformation” campaign to prevent the fraudsters from obtaining passwords. “When you identify that some type of scripted attack is under way, whether they are trying to validate credentials or doing something else on your site, we thought we might be able to mix up the way we respond to those individuals. Can we provide some disinformation around whether or not a credential is legitimate?”, he explained.
That type of disinformation would normally require a lot of “heavy lifting” with the application code, which would take a lot of time and effort in software development. SilverTail’s mitigation product enables StubHub to use its detection technique to trigger a response that could change StubHub’s response level to the fraudster, he said.
Capps said his company plans to implement this disinformation effort in the next month to 45 days.